This shows you the differences between two versions of the page.
aws_how_to [2017/07/02 02:23] k2patel old revision restored (2011/10/26 18:25) |
aws_how_to [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Amazon Cloud How to ====== | ||
- | These are the commands i have used during my course of action. | ||
- | |||
- | ==== Sending Regular SSL / Key / Bundle to ELB ==== | ||
- | Forget what they say and print on form.\\ | ||
- | |||
- | Format require - \\ | ||
- | * Key - RSA | ||
- | * CRT - x509 | ||
- | * CA Bundle - What ever supplied. | ||
- | |||
- | Usually that's the standard form of information you have used on Apache so just use it.\\ | ||
- | |||
- | NOTE : | ||
- | - In case your key through an error try using following command | ||
- | |||
- | <code bash> | ||
- | openssl rsa -in www.k2patel.in.key -text | ||
- | </code> | ||
- | |||
- | Now look at the end you will see RSA Cert with standard Enclosure "----- <TYPE> -----" | ||
- | |||
- | Now if you have PKCS12 Exported Certs then please follow instruction below to get key / certs. | ||
- | |||
- | <code bash | Extracting Keys > | ||
- | openssl pkcs12 -nocerts -in export_test.p12 -out www.k2patel.in.key | ||
- | </code> | ||
- | |||
- | <code bash | Extracting Certificate > | ||
- | openssl pkcs12 -clcerts -nokeys -in export_test.p12 -out www.k2patel.in.crt | ||
- | </code> | ||
- | |||
- | For further Help see "openssl pkcs12 --help" | ||
- | |||
- | Now you need to convert key to RSA. | ||
- | |||
- | <code bash | converting previously generated key to RSA> | ||
- | openssl rsa -in www.k2patel.in.key -out www.k2patel.in.RSA.key | ||
- | </code> | ||
- | |||
- | At this point you are almost done, you just need to upload it to LB.\\ | ||
- | Considering you already have existing LB. | ||
- | |||
- | <code bash | Upload Certificate to Amazon> | ||
- | iam-servercertupload -b www.k2patel.in.crt -c gd_bundle.crt -k www.k2patel.in.com.rsa.key -d -s www.k2patel.in | ||
- | </code> | ||
- | |||
- | You can list all your certificate on amazon. | ||
- | |||
- | <code bash | List All your certificate> | ||
- | iam-servercertlistbypath | ||
- | </code> | ||
- | |||
- | Now Assign certificate to ELB. | ||
- | |||
- | **NOTE : \\ | ||
- | You can change your certificate assignment live.\\ | ||
- | Simply add new certificate and do next step replace existing assignment.** | ||
- | |||
- | |||
- | |||
- | <code bash | assign certificate to port> | ||
- | elb-set-lb-listener-ssl-cert test-lb --lb-port 9031 --cert-id 'arn:aws:iam::123456789101:server-certificate/www.k2patel.in' | ||
- | </code> | ||
- | |||
- | You are good to GOLDEN | ||
- | |||
- | |||
- | ==== Playing with Amazon ELB ==== | ||
- | |||
- | === Create LB using ELB API === | ||
- | <code bash | Create lb> | ||
- | elb-create-lb elb-test1 --availability-zones us-east-1b --listener "protocol=http, lb-port=80, instance-port=9130" --listener "protocol=https, lb-port=443, instance-port=9130,cert-id=arn:aws:iam::123456789101:server-certificate/www.k2patel.in" | ||
- | </code> | ||
- | |||
- | <code bash | Register Instance> | ||
- | elb-register-instances-with-lb elb-test1 --instances i-12345678 | ||
- | </code> | ||
- | |||
- | <code bash | Register Listeners on ELB > | ||
- | elb-create-lb-listeners v3-test --listener "lb-port=9145,instance-port=9145,protocol=https,instance-protocol=https,cert-id=arn:aws:iam::123456789101:server-certificate/www.k2patel.in" | ||
- | </code> | ||
- | |||
- | |||
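Review bot: The 2020/08/10 revision is empty and carries no edit summary, so the whole ELB certificate procedure (from Line 1 onward) disappears with no pointer to a replacement; add a summary or a redirect to wherever this content now lives. If the text is restored or moved, fix two things in it first. The conversion step writes `www.k2patel.in.RSA.key` while the upload step passes `-k www.k2patel.in.com.rsa.key`, so the commands cannot be followed as written. The page should also say that the file written by `openssl rsa -in ... -out ...` is an unencrypted private key, which needs restrictive file permissions and should be removed from the workstation once the upload has succeeded.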